Watch your code!

The headlines screamed - SQL Server and IIS are hacked! In fact, this was a standard SQL Injection attack - which has nothing specifically to do with IIS or SQL Server. A SQL Injection attack is a result of not validating user-input, and it works against any DB and application that isn’t written properly.

In point of fact, SQL Server 2005 has No major security bulletins at all. Hey, bash any company all you want, but make sure you get your facts straight. Don’t take what any journalist says without checking-including me! More here on SQL Injection.